Update the VPN Basics document for 5.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
02ab9cd4ac
commit
9203c8a4a9
@ -115,7 +115,7 @@
|
|||||||
|
|
||||||
<para>Incoming traffic is similar.</para>
|
<para>Incoming traffic is similar.</para>
|
||||||
|
|
||||||
<graphic align="center" fileref="images/VPNBasics.png" />
|
<graphic align="center" fileref="images/VPNBasics.png"/>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section id="Shorewall">
|
<section id="Shorewall">
|
||||||
@ -203,8 +203,8 @@ loc ipv4
|
|||||||
|
|
||||||
<para><filename>/etc/shorewall/interfaces</filename>:</para>
|
<para><filename>/etc/shorewall/interfaces</filename>:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE INTERFACE BROADCAST OPTION
|
<programlisting>#ZONE INTERFACE OPTION
|
||||||
net eth0 - tcpflags,routefilter
|
net eth0 tcpflags,routefilter
|
||||||
loc eth1 -
|
loc eth1 -
|
||||||
<emphasis role="bold">rem ppp0 -</emphasis></programlisting>
|
<emphasis role="bold">rem ppp0 -</emphasis></programlisting>
|
||||||
</section>
|
</section>
|
||||||
@ -216,7 +216,7 @@ loc eth1 -
|
|||||||
client(s) and the local zone. You can do that with a couple of
|
client(s) and the local zone. You can do that with a couple of
|
||||||
policies:</para>
|
policies:</para>
|
||||||
|
|
||||||
<programlisting>#SOURCE DESTINATION POLICY LEVEL BURST/LIMIT
|
<programlisting>#SOURCE DESTINATION POLICY LOGLEVEL BURST
|
||||||
rem loc ACCEPT
|
rem loc ACCEPT
|
||||||
loc rem ACCEPT</programlisting>
|
loc rem ACCEPT</programlisting>
|
||||||
|
|
||||||
@ -259,8 +259,8 @@ rem2 ipv4 #Remote LAN 2</emphasis></programlisting>
|
|||||||
|
|
||||||
<para><filename>/etc/shorewall/interfaces</filename>:</para>
|
<para><filename>/etc/shorewall/interfaces</filename>:</para>
|
||||||
|
|
||||||
<programlisting>#ZONE INTERFACE BROADCAST OPTION
|
<programlisting>#ZONE INTERFACE OPTION
|
||||||
net eth0 - tcpflags,routefilter
|
net eth0 tcpflags,routefilter
|
||||||
loc eth1 -
|
loc eth1 -
|
||||||
<emphasis role="bold">- tun+ -</emphasis></programlisting>
|
<emphasis role="bold">- tun+ -</emphasis></programlisting>
|
||||||
|
|
||||||
@ -291,15 +291,14 @@ rem2 tun+:10.0.1.0/24</emphasis></programlisting>
|
|||||||
<para>/<filename>etc/shorewall/tunnels</filename>:</para>
|
<para>/<filename>etc/shorewall/tunnels</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY_ZONE
|
||||||
ipsec Z1 1.2.3.4 Z2</programlisting>
|
ipsec Z1 1.2.3.4 Z2</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/rules</filename>:</para>
|
<para><filename>/etc/shorewall/rules</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT
|
||||||
# PORT PORT(S)
|
|
||||||
ACCEPT $FW Z1:1.2.3.4 udp 500
|
ACCEPT $FW Z1:1.2.3.4 udp 500
|
||||||
ACCEPT Z1:1.2.3.4 $FW udp 500
|
ACCEPT Z1:1.2.3.4 $FW udp 500
|
||||||
ACCEPT $FW Z1:1.2.3.4 50
|
ACCEPT $FW Z1:1.2.3.4 50
|
||||||
@ -322,15 +321,14 @@ ACCEPT Z2:1.2.3.4 $FW udp 500</programlisting>
|
|||||||
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY_ZONE
|
||||||
pptpserver Z1 1.2.3.4</programlisting>
|
pptpserver Z1 1.2.3.4</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
<para>/<filename>etc/shorewall/rules</filename>:</para>
|
<para>/<filename>etc/shorewall/rules</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT
|
||||||
# PORT PORT(S)
|
|
||||||
|
|
||||||
ACCEPT Z1:1.2.3.4 $FW tcp 1723
|
ACCEPT Z1:1.2.3.4 $FW tcp 1723
|
||||||
ACCEPT $FW Z1:1.2.3.4 47
|
ACCEPT $FW Z1:1.2.3.4 47
|
||||||
@ -347,15 +345,14 @@ ACCEPT Z1:1.2.3.4 $FW 47</programlisting>
|
|||||||
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY_ZONE
|
||||||
openvpn:<emphasis>port</emphasis> Z1 1.2.3.4</programlisting>
|
openvpn:<emphasis>port</emphasis> Z1 1.2.3.4</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/rules</filename>:</para>
|
<para><filename>/etc/shorewall/rules</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT
|
||||||
# PORT PORT(S)
|
|
||||||
|
|
||||||
ACCEPT Z1:1.2.3.4 $FW udp <emphasis>port</emphasis>
|
ACCEPT Z1:1.2.3.4 $FW udp <emphasis>port</emphasis>
|
||||||
ACCEPT $FW Z1:1.2.3.4 udp <emphasis>port</emphasis></programlisting>
|
ACCEPT $FW Z1:1.2.3.4 udp <emphasis>port</emphasis></programlisting>
|
||||||
@ -364,15 +361,14 @@ ACCEPT $FW Z1:1.2.3.4 udp <emphasis>port</emphasis></progr
|
|||||||
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY_ZONE
|
||||||
openvpnclient:<emphasis>port</emphasis> Z1 1.2.3.4</programlisting>
|
openvpnclient:<emphasis>port</emphasis> Z1 1.2.3.4</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/rules</filename>:</para>
|
<para><filename>/etc/shorewall/rules</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT
|
||||||
# PORT PORT(S)
|
|
||||||
|
|
||||||
ACCEPT Z1:1.2.3.4 $FW udp - <emphasis>port</emphasis>
|
ACCEPT Z1:1.2.3.4 $FW udp - <emphasis>port</emphasis>
|
||||||
ACCEPT $FW Z1:1.2.3.4 udp <emphasis>port</emphasis></programlisting>
|
ACCEPT $FW Z1:1.2.3.4 udp <emphasis>port</emphasis></programlisting>
|
||||||
@ -381,15 +377,14 @@ ACCEPT $FW Z1:1.2.3.4 udp <emphasis>port</emphasis></progr
|
|||||||
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
<para><filename>/etc/shorewall/tunnels</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#TYPE ZONE GATEWAY GATEWAY ZONE
|
<programlisting>#TYPE ZONE GATEWAY GATEWAY_ZONE
|
||||||
openvpnserver:<emphasis>port</emphasis> Z1 1.2.3.4</programlisting>
|
openvpnserver:<emphasis>port</emphasis> Z1 1.2.3.4</programlisting>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/rules</filename>:</para>
|
<para><filename>/etc/shorewall/rules</filename>:</para>
|
||||||
|
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST SOURCE
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT
|
||||||
# PORT PORT(S)
|
|
||||||
|
|
||||||
ACCEPT Z1:1.2.3.4 $FW udp <emphasis>port</emphasis>
|
ACCEPT Z1:1.2.3.4 $FW udp <emphasis>port</emphasis>
|
||||||
ACCEPT $FW Z1:1.2.3.4 udp - <emphasis>port</emphasis></programlisting>
|
ACCEPT $FW Z1:1.2.3.4 udp - <emphasis>port</emphasis></programlisting>
|
||||||
|